New QIDs for Identifying Content Management Systems (CMS) and Plugins

A Content Management System (CMS) is a platform for quickly creating and deploying web applications. Three of the most popular CMSs are WordPress, Joomla, and Drupal. Many third-party plugins that provide various useful capabilities are available for these CMSs as well. Unfortunately, these platforms and plugins have historically been full of security holes and there's little sign of that slowing down for either WordPress, Joomla, or Drupal.

One thing we heard from multiple WAS customers was that they had no good way of knowing which CMSs were running across their enterprise. This becomes a big problem when a security advisory is published about a severe vulnerability in (for example) WordPress itself or a popular WordPress plugin. The security team needs to know if that vulnerable version of WordPress or the plugin is running anywhere in their environment so they can quickly get it patched.

To help our customers in this scenario, the WAS scan engine includes new informational QIDs to identify and report if WordPress, Joomla, or Drupal versions are found on the target web application during a scan. A QID for Magento CMS was added in January 2020. Other QIDs will report when various CMS plugins are found on the scanned web app.

The following informational QIDs are used to report when a particular CMS is found on the target web app:

QID 150177 - WordPress CMS Version Detected

QID 150182 - Joomla CMS Version Detected

QID 150183 - Drupal CMS Version Detected

QID 150244 - Magento CMS Detected (added in January 2020)

The following informational QIDs are for reporting when a CMS plugin is detected on the target web app:

QID 150184 - WordPress Plugins Detected

QID 150185 - Joomla Plugins Detected

QID 150186 - Drupal Plugins Detected

If your organization's entire web application portfolio is being scanned with Qualys WAS on a regular basis as recommended, you now have quick access to vital information regarding your exposure to various CMS instances. You don't need to view individual scan reports. Simply navigate to the Detections area of WAS and search on one of the QIDs above. All instances where that CMS was detected will be returned, allowing you to take appropriate action.